Cyber criminals target HR professionals with Venom Spider malware, fake AI video generators drop new Noodlophile info-stealer malware, rumors of a massive cyber attack fly alongside missiles in the India-Pakistan conflict, and CISA warns of cyber attacks targeting US oil and gas infrastructure. This is Cybersecurity Today, and I'm your host, David Shipley.
Threat actors are targeting organizations by disguising their malware payloads as resume submissions to human resources departments. Sean Nichols from SC Media reported this weekend that a privately run malware operation known as Venom Spider has been targeting HR professionals by way of phony resume submissions and fake personal websites pretending to be job seekers.
The threat actors are believed to be financially motivated, using the malware to harvest user credentials and account details from infected systems. In the past, Venom Spider looked for low-hanging fruit, typically going after e-commerce sites and payment portals. However, the threat actors have broadened their horizons and have pivoted to targeting HR portals and job-hunting services such as LinkedIn as the initial threat factor. The turn in Venom Spider's tactics was reported by Arctic Wolf.
Going after HR teams with resume-themed lures is a tried and true cyber criminal tactic. Some of the earliest stories on this go back to 2017, when ransomware gangs turned to fake job applications to distribute their malware. In addition to specific training for HR teams who handle submitted resumes via email or online portals, providing tools to help these teams, either in the form of safer submission methods or additional scanning and scrutiny for files sent to them, is well warranted.
It's also a reminder to everyone listening that attackers recycle tactics, and it's not just about focusing your defensive efforts on the latest and greatest trends in threat actor activity. What's old often becomes new again.
Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called Noodlophile under the guise of generated media content.
The websites use enticing names like Dream Machine and are advertised on high-visibility groups on Facebook, posing as advanced artificial intelligence tools that generate videos based on uploaded user files, reports Bill Toulas for BleepingComputer. Although the use of AI tools to deliver malware isn't a new concept, and it's been adopted by cybersecurity criminals who are quite experienced, the discovery of the latest campaign by Morphisec introduces a new info stealer into the mix.
As a reminder, the recent Disney Slack data breach was also the result of someone downloading what they thought was an AI tool. Noodlophile is a new information stealer malware that targets data stored on web browsers like account credentials, session cookies, tokens, and cryptocurrency wallet files. Noodlophile Stealer represents a new addition to the malware ecosystem, previously undocumented in public malware trackers or reports.
This stealer combines browser credential theft, wallet exfiltration, and optional remote access deployment, end quote, explain the Morphisec researchers. Stolen data is exfiltrated via a Telegram bot, which serves as a covert command and control, or C2, server, giving attackers real-time access to stolen information.
Amidst the chaos of the current India-Pakistan conflict, rumors of impending cyber attacks on India's financial services sector have been circulating across social media in a massive misinformation campaign. India's Business Today reported Friday that a wave of misinformation was circulated on social media platforms, particularly WhatsApp, warning users of a supposed nationwide cyber attack. The viral message falsely claimed that a ransomware attack attributed to Pakistan will lead to all ATMs in the country being shut down for two to three days.
The message also references a so-called video titled, quote, Dance of the Hillary, end quote, which it alleges contains a virus capable of formatting users' mobile devices upon being opened. Indian authorities have confirmed that no such threat is known to exist. India's Press Information Bureau, or PIB, has officially debunked the claims, labeling them as entirely false.
PIB urged the public not to believe or forward these kinds of messages, emphasizing the importance of verifying information before sharing it. Officials continue to encourage users to rely on trusted sources for cybersecurity updates, and to report suspicious content to help curb the spread of misinformation. This latest misinformation campaign comes on the heels of rumors that Pakistan's military had hacked up to 70% of India's power grid, another claim that India has strongly rebuked.
Interestingly, India appeared to engage its financial services sector ahead of its military action last week with the Indian Express reporting that major banks have been warned to step up their cybersecurity efforts. On Friday evening, India's finance minister also chaired a review meeting on cybersecurity preparedness of banks and financial institutions.
The Cybersecurity and Infrastructure Security Agency, or CISA, along with the FBI, Department of Energy and Environmental Protection Agency, has warned organizations of cyber attacks targeting operational technology and industrial control systems in the US oil and natural gas sector.
According to the government agencies, while cyber criminals usually implement basic and elementary intrusion techniques for attacks on such infrastructure, the presence of poor cyber hygiene and exposed assets can lead to severe impact, including operational disruptions and physical damage.
Shweta Sharma reports for CSO Online. Gabrielle Hempel, security operations strategist and threat intelligence researcher for the Exabeam TEN18 team, echoed the advisory's concern in an interview with CSO Online. Quote, there's definitely some systemic negligence in addressing known vulnerabilities, end quote, Hempel said. Quote, the energy sector and a lot of critical infrastructure often relies on legacy systems, either not having the means or the knowledge to properly lock down their landscape, end quote.
A reminder for Canadian listeners that Canada failed to pass cyber critical infrastructure legislation this spring for its oil and gas sector, and that Canada suffered a major breach in the last few years where a Russian threat actor tried to actually cause a physical incident. CISA's warning comes as it faces a nearly 20% budget cut and a strategy shift at the federal level to shift more responsibility to the state level.
Both of these moves could leave the nation more at risk from hostile actors targeting critical infrastructure. Finally, if you haven't listened to Jim's phenomenal weekend interview with Daniel Berulis, the former National Labor Relations Board IT staffer and now high-profile whistleblower on security issues related to DOGE, you should take 30 minutes and catch up. Jim and Daniel dive into a series of significant security lapses that defy logic and reason.
We are always interested in your opinion, and you can contact us at [email protected] or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.